DETAILED ACTION



This communication is in response to the amendment filed July 23, 2007. Claims 1-6 
and 8-19 are pending. Claim 7 has been cancelled. Claims 1, 2, 4-6, and 8 have been 
amended. 



Drawings 



The drawings have been amended and the objection is withdrawn. 



Claim Rejections - 35 USC § 101 



The claims have been amended and the 35 USC 101 rejections are withdrawn. 



Claim Rejections - 35 USC § 112



The claims have been amended and the 35 USC 112 rejections are withdrawn. 



Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 
(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-10 are rejected under 35 U.S.C. 102(e) as being anticipated by Cross 
et al. (US 2004/0162786) herein referred to as Cross.

Claim 1 discloses (Currently Amended) an integrated security information management 
system, comprising: 

an Extensible Markup Language (XML) key managing (figure 7 XKMS Client 776 
and associated text) server to means for performing an interface with an external
security information management client based on an XML, authenticating to
authenticate a user, analyzing to analyze a request from the an integrated security
information management client, and requesting to send a processing request a
processing to an access control means server, wherein the access controls server
comprises (Logon Screen 760 and associated text), an authenticating means or an 
external public key infrastructure certification server (figure 6, key pair 608 and 
associated text) an authenticating means or an external public key infrastructure 
certification server depending on a request kind (Fig. 6 and 7 and associated text where 
the Digital Identification Management Service is interpreted to be the integrated 
security information management system); 

the access control means server for providing to provide a user authenticating function
(Logon Screen 760 and associated text, also paragraph [0025]), an access authority
policy generating function for a limited shared data storing means unit (paragraph
[0025], "authentication... digital ID's"), an access authority confirming function depending 
on the access authority policy (paragraph [0025], "authentication... digital ID's"), a 
shared security information providing function for an access-allowed user (paragraph 
[0025] where in "authentication... digital ID's" shares security information), a security 
information position information providing function (paragraph [0025] wherein 
"authentication... digital ID's" provides security information), a shared security 
information registering/deleting/updating function (paragraphs [0025] and [0044] 
wherein "The DIMS... IDs" includes "storing, retrieving, deleting, listing (enumerating) 
and verifying digital ID's"), a shared security information share setting/releasing function
(paragraphs [0025], [0044], and [0052] wherein the shared security information setting 
function refers to "with proper permissions set"), and an XML digital 
signature/verification/encryption/decryption/communication security function depending 
on a shared security information processing request from the XML key managing 
means server (Fig. 6 and 7 and associated text, especially 609 and 776), wherein the
access control server uses a signature received from a security information owner
according to the request of the integrated security information management client to
further perform a security information share-agency setting function for allowing other
users to set/release a share and a function of informing the security information owner
of a security information share-agency setting request (paragraphs [0046] and [0071]
and [0072] which describe an enterprise trust model with multiple clients; In paragraph 
[0053] Cross teaches personal stores that store the user's digital IDs. These personal 
stores are also used for "signing and decrypting the user's messages". The Examiner
interprets this to be a personal share setting request. In paragraph [0054] Cross 
teaches an API that uses "query, write, modify, create, or delete commands to perform 
actions on the credentials". The Examiner interprets these credentials to be share- 
agency setting requests as well.); 

the authenticating means server for providing to provide the user authenticating
function (paragraph [0025], "authentication... digital ID's"), a person-in-question
authenticating function (paragraph [0025] where credential management is interpreted
to be person-in-question), a non-shared security information providing function for the
access-allowed user (the person-in-question) (paragraph [0052] where permissions are 
interpreted to be information providing function), a security information position 
providing function, a non-shared security information registering/modifying/deleting 
function (paragraph [0053] where the personal store is not shared), and the XML digital 
signature/verification/encryption/decryption/communication security function depending 
on a non-shared security information processing request from the XML key managing 
means server (paragraph [0070] "XML Key Management... trust information");

the limited shared data storing means unit for storing and managing to store and
manage security information shared by an object limited depending on a control of the
access control means server (paragraph [0052] pertaining to permissions); and

a non-shared data storing means unit for storing and managing to store and
manage security information that should not be shared depending on control of the
authenticating means server (paragraph [0053] where My Store is not shared, also
"while any digital ID... user's messages"). 

Claim 2 discloses (Currently Amended) the integrated security information management 
system as recited in claim 1, wherein in the access authority confirming function
depending on an access authority policy of the access control means server, if the
access control means server receives an access request to the limited shared data
storing means unit from the XML key managing means server, after a user
authentication is performed, the access authority policy corresponding to the requested 
security information is read to confirm whether or not a user has authority (Fig. 6 and 7 
and paragraph [0025]). 

Claim 3 (Original) discloses the integrated security information management system as 
recited in claim 2, wherein when the user registers the security information through the 
integrated security information management client, the access authority policy is 
generated and is continuously and dynamically updated depending on updating/deleting 
and share setting/releasing of the security information later registered (paragraphs 
[0053] and [0054]). 

Claim 4 (Currently Amended) discloses the integrated security information management 
system as recited in any one of the claims 1 to 3, wherein the access control means and
the authenticating means server uses a the signature received from a the security
information owner according to the request of the integrated security information 
management client to further perform a security information share-agency setting 
function for allowing other users to set/release a share and a function of informing the 
security information owner of a the security information share-agency setting request 
(paragraph [0046]). 

Claim 5 (Currently Amended) discloses the integrated security information management 
system as recited in claim 4, wherein the access control means server and the
authenticating means server uses a signature and a certificate issued from other users
according to the request of the integrated security information management client to 
further perform a shared security information retrieving function for retrieving the 
security information shared by a self, a shared security information retrieval confirming 
function for informing the security information owner of execution of the shared security 
information retrieving function depending on the execution, and a shared security 
information usage log confirming function for confirming a log for a shared security 
information usage (paragraphs [0046] and [0071] and [0072] which describe an 
enterprise trust model with multiple clients). 

Claim 6 (Currently Amended) discloses an integrated security information management 
method, comprising the steps of: 
classifying security information depending on its kind according to a security
information registering/updating/deleting request from an integrated security information 
management client to register/update/delete the classified security information from a 
limited shared data storage or a non-shared data storage at an integrated security 
information management system (paragraphs [0044] "The DIMS . . . digital ID's" and
[0088] pertaining to renewing digital ID's and life cycle functions); 

setting/releasing a share for the security information registered into the limited 
shared data storage according to a security information share setting/releasing request 
from the integrated security information management client, and generating/updating a 
security access authority policy at the integrated security information management 
system (paragraphs [0053] and [0054], "the user can... management tasks");

confirming a request user's authority depending on a security access authority 
policy according to a shared security information providing request from the integrated 
security information management client, and then providing corresponding security 
information for the integrated security information management client at the integrated 
security information management system (Fig. 6 and 7 and paragraph [0025], where in 
"authentication... digital ID's" confirms and provides security); 

authenticating that a request user is a non-shared security information owner 
according to a non-shared security information providing request from the integrated 
security information management client, and then providing corresponding security 
information for the integrated security information management client at the integrated 
security information management system (Fig. 6 and 7 and paragraph [0025], where in
"authentication... digital ID's" authenticates and provides); and 

generating/verifying a digital signature according to a digital signature 
generating/verifying request using an XML from the integrated security information 
management client at the integrated security information management system (Fig. 6 
and 7 and paragraphs [0025] and [0046] "use in authentication, digital signature, 
encryption/decryption processes"); and 

informing a security information owner of a security information share-agency 
setting request according to an other owners' security information share-agency setting
request from the integrated security information management client to receive
acknowledgement, and then allowing other users to use a signature received from the
security information owner to set/release the share for corresponding security
information at the integrated security information management system (paragraphs
[0046] and [0071] and [0072] which describe an enterprise trust model with multiple 
clients; In paragraph [0053] Cross teaches personal stores that store the user's digital 
IDs. These personal stores are also used for "signing and decrypting the user's 
messages". The Examiner interprets this to be a personal share setting request. In 
paragraph [0054] Cross teaches an API that uses "query, write, modify, create, or delete 
commands to perform actions on the credentials". The Examiner interprets these 
credentials to be share-agency setting requests as well. This share setting allows users 
to set or release a share.) 

Claim 8 (Currently Amended) discloses the integrated security information management
method as recited in claim 6 erf, further comprising the step of: 

informing the security information owner of a security information verifying 
request according to an other owners' security information verifying request from the 
integrated security information management client to receive acknowledgement, and 
then providing a verified result of other owners' security information for the integrated 
security information client at the integrated security information system (paragraphs 
[0046] and [0071] and [0072] which describe an enterprise trust model with multiple 
clients). 

Claim 9 (Original) discloses the integrated security information management method as 
recited in claim 8, wherein the security information registering / updating / deleting step 
comprises the steps of: 

a user's requesting an extensible XKMS server of the integrated security 
information management system for security information registration / update / deletion 
through the integrated security information management client; 

authenticating the request user and confirming a security information kind at the 
extensible XKMS server; 

as the confirmation result, if the security information kind is sharable, sending the 
request to an access control server to register / update / delete the security information 
from a limited shared data storage; and

as the confirmation result, if the security information kind is non-sharable,
sending the request to an authentication server to register / update / delete the security
information from a non-shared data storage (Figures 6 and 7 and associated text,
particularly paragraphs [0124]-[0127] which explain XKMS Client 776 and how it
interacts with the life cycle manager).

Claim 10 (Original) discloses the integrated security information management method 
as recited in claim 8, wherein the security information share setting/releasing step 
comprises the steps of: 

a user's requesting the extensible XKMS server of the integrated security 
information management system for security information share set/release through the 
integrated security information management client; 

authenticating the request user at the extensible XKMS server, and then sending 
a security information share setting/releasing request to the access control server; and 
loading an access authority policy for corresponding security information at the access 
control server, and then confirming whether or not the access authority policy is set to 
allow the request user to share; and 

as the confirmation result, in case the access authority policy is set to allow the 
request user to share, reading the corresponding security information from the limited 
shared data storage to send the read security information to the request user through 
the integrated security information management client (Figures 6 and 7 and associated
text, particularly paragraphs [0124]-[0127] which explain XKMS Client 776 and how it 
interacts with the life cycle manager). 

Note: Examiner has pointed out particular references contained in the prior arts of 
record and in the body of this action for the convenience of the applicant. Although the 
specified citations are representative of the teachings in the art and are applied to the 
specific limitations within the individual claim, other passages and figures may apply as 
well. Applicant should consider the entire prior art as applicable to the limitations of the 
claims. It is respectfully requested from the applicant, in preparing for response, to 
consider fully the entire reference as potentially teaching all or part of the claimed 
invention, as well as the context of the passage as taught by the prior arts or disclosed 
by the Examiner. 

Response to Arguments 

Applicant's arguments filed July 23, 2007 have been fully considered but they are 
not persuasive. 

With respect to claim 1, the Applicant argues that Cross fails to teach the
limitation of a share-agency setting request. The Examiner respectfully disagrees. In 
paragraph [0053] Cross teaches personal stores that store the user's digital IDs. These 
personal stores are also used for "signing and decrypting the user's messages". The 
Examiner interprets this to be a personal share setting request. In paragraph [0054] 
Cross teaches an API that uses "query, write, modify, create, or delete commands to
perform actions on the credentials". The Examiner interprets these credentials to be 
share-agency setting requests as well. This share setting allows users to set or release 
a share. The Applicant argues that Cross does not teach informing the security owner 
of the share settings. The Examiner respectfully disagrees. The API is used for the 
DIMS as explained in paragraph [0040]. The DIMS has been interpreted to be the 
integrated security information management system, therefore the DIMS is informed of 
the share setting changes. 

Claims 2-5 depend upon claim 1 that has been rejected above. That is combined 
with their individual rejections. Therefore, the rejections of claims 2-5 are maintained. 

In regard to claim 6, the Applicant argues that Cross does not teach informing the 
security owner of the share agency setting request. The Examiner respectfully 
disagrees. In paragraph [0053] Cross teaches personal stores that store the user's 
digital IDs. These personal stores are also used for "signing and decrypting the user's 
messages". The Examiner interprets this to be a personal share setting request. In 
paragraph [0054] Cross teaches an API that uses "query, write, modify, create, or delete 
commands to perform actions on the credentials". The Examiner interprets these 
credentials to be share-agency setting requests as well. This share setting allows users 
to set or release a share. The Applicant argues that Cross does not teach informing the 
security owner of the share settings. The Examiner respectfully disagrees. The API is 
used for the DIMS as explained in paragraph [0040]. The DIMS has been interpreted to 
be the integrated security information management system, therefore the DIMS is
informed of the share setting changes. 

Claims 8-10 depend upon claim 6 that has been rejected above. That is 
combined with their individual rejections. Therefore, the rejections of claims 8-10 are 
maintained. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Nicole M. Young whose telephone number is 571-270- 
1382. The examiner can normally be reached on Monday through Friday, alt Fri off, 
8:00am-5:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh, can be reached on 571-272-3795. The fax phone number for
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

9/19/2007




